
Bug - logfile hostname changes after new gateway ip assigned

I'm using the home user licence and have found what appears to be a problem with the Remote Syslog Server module.

I have my UTM sending all log files to my local Splunk installation.

Problem.
When my internet provider changes my gateway IP address (or I do a reconnect and get assigned a new IP), the hostname in my log files changes.

Solution.
Log into the UTM, go to Log Settings -> Remote Syslog Server, and then Disable and re-Enable. The log files are now showing the correct hostname.

(Why isn't there an option to attach an example log file.. to this..)

Example log file below..

This shows when the connection gateway was reset.

2016-05-11T11:07:35.338554+10:00 astaro.tspoon.com.au 2016: 05:11-11:07:05 awed [master][4209]: Cannot connect: Connection refused
2016-05-11T11:07:35.418430+10:00 astaro.tspoon.com.au 2016: 05:11-11:07:05 astaro irqd[5333]: received SIGTERM
2016-05-11T11:10:09.416435+10:00 gateway 2016: 05:11-11:08:58 astaro syslog-ng[4458]: syslog-ng starting up; version='3.4.7'
2016-05-11T11:10:09.416435+10:00 gateway 2016: 05:11-11:08:59 astaro ulogd[4449]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth2" srcmac="00:08:a2:09:31:20" srcip="192.168.11.1" dstip="192.168.11.2" proto="6" length="60" tos="0x00" prec="0x00" ttl="64" srcport="58795" dstport="515" tcpflags="SYN"

This shows when I disabled, then re-enabled the remote syslog.

2016-05-11T16:24:24.774352+10:00 gateway 2016: 05:11-16:23:54 astaro middleware[3706]: T core::Config::Changed:194() => configversion=13
2016-05-11T16:24:24.777239+10:00 gateway 2016: 05:11-16:23:54 astaro middleware[3706]: T core::Config::Changed:204() => nodes=1 objects=0 triggers=0
2016-05-11T16:24:24.777934+10:00 gateway 2016: 05:11-16:23:54 astaro middleware[3706]: T core::Config::load:347() => modules=1,2
2016-05-11T16:24:34.190335+10:00 astaro.tspoon.com.au 2016: 05:11-16:24:02 astaro syslog-ng[4458]: Configuration reload request received, reloading configuration;
2016-05-11T16:24:34.190335+10:00 astaro.tspoon.com.au 2016: 05:11-16:24:03 astaro middleware[3706]: T modules::ipset::deleteUnused:320() => auto#=9/682 confd#=1/341

Trevor..
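
Added example, not part of the original post: a receiver-side check that finds the points where the hostname in the syslog header changes, and a helper that pins the header hostname to one value before indexing. The function names, the regular expression and the choice of canonical hostname are assumptions made for this example; the sample lines are a subset of the ones posted above.

```python
import re

# Log lines copied from the post above (a subset, kept in order).
SAMPLE = """\
2016-05-11T11:07:35.418430+10:00 astaro.tspoon.com.au 2016: 05:11-11:07:05 astaro irqd[5333]: received SIGTERM
2016-05-11T11:10:09.416435+10:00 gateway 2016: 05:11-11:08:58 astaro syslog-ng[4458]: syslog-ng starting up; version='3.4.7'
2016-05-11T16:24:24.777934+10:00 gateway 2016: 05:11-16:23:54 astaro middleware[3706]: T core::Config::load:347() => modules=1,2
2016-05-11T16:24:34.190335+10:00 astaro.tspoon.com.au 2016: 05:11-16:24:02 astaro syslog-ng[4458]: Configuration reload request received, reloading configuration;
""".splitlines()

# Layout seen in the post (assumed to hold for every forwarded line):
# <receive time> <header host> <YYYY>: <MM:DD-HH:MM:SS> <original message>
LINE = re.compile(
    r"^(?P<recv>\S+)\s+(?P<host>\S+)\s+"
    r"\d{4}:\s+\d\d:\d\d-\d\d:\d\d:\d\d\s+(?P<msg>.*)$"
)

def host_transitions(lines):
    """Return (recv_time, old_host, new_host, message) for every line whose
    header hostname differs from the previous parsed line."""
    changes, prev = [], None
    for line in lines:
        m = LINE.match(line)
        if m is None:
            continue  # not in the expected layout; ignore rather than guess
        if prev is not None and m["host"] != prev:
            changes.append((m["recv"], prev, m["host"], m["msg"]))
        prev = m["host"]
    return changes

def pin_host(line, canonical):
    """Rewrite only the header hostname, leaving the rest of the line intact."""
    m = LINE.match(line)
    if m is None:
        return line
    return line[:m.start("host")] + canonical + line[m.end("host"):]

if __name__ == "__main__":
    for recv, old, new, msg in host_transitions(SAMPLE):
        print(f"{recv}: header host {old} -> {new} at: {msg}")
```

On the sample, both changes land on a syslog-ng line: the startup after the reconnect and the configuration reload after the disable/re-enable.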


